[unisog] Access control in wireless and other plublic access networks
Peter Van Epp
vanepp at sfu.ca
Mon Oct 21 23:10:58 GMT 2002
Well, I'd advise not following up on Nokia but that said we are using
the Vernier for both wireless and wired access control (wired is a little
exciting because the user has to remember to log out or we have to boot them
off, since the lack of carrier change on wired stations in a lab environment
where we provide the terminals won't auto logoff). The dropin labs (which we
also have, a 10/100 socket and a power plug) of course work OK in that the
MAC address goes away and gets auto logged off. There are a couple of other
boxes similar to Vernier floating around now (I expect someone else will
chime in with them :-)), but I'd certainly recommend Vernier, support has
been good when we had problems (it was beta code and a real obscure problem
with IRC, so it of course showed up here lots and never anywhere else :-)) so
I know they can fix the tough ones when they hit them and by and large there
haven't been problems, it just sits there and works.
One nice feature of the Vernier is that if the client is misconfigured
the Vernier will NAT it and it will still run fine (and of course log what it
has done so that the appropriate whack can be applied if needed :-)). That
feature alone is going to be valuable in teaching spaces to allow faculty to
bring in the machine (laptop or otherwise) from their office, plug it in and
have it work without any configuration change required from the fixed IP that
works in their office. The NATing is invisible to them (unless of course there
are IP based access controls on the remote end that will object to the NAT
address that they are trying to connect from which may cause a few puzzled
calls of "but it worked in my office and I didn't change anything" :-)).
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
> Hi All,
> We are a looking for access control methods for large new project that
> will see both wireless LANs and publicly accessible network sockets in a
> large study area. I have followed this list since its inception so I
> have seen the previous discussions on securing wireless LANs and I am
> following up several leads including Vernier and Nokia.
> The problem of securing publicly accessible network ports strikes me as
> being very similar to that of controlling access on a wireless network.
> My question is "Is anyone using the same systems to secure both wireless
> and physical ports?".
> Having one mechanism for both has obvious attractions.
> I'd also like to know of any 'new' products that I might miss by
> concentrating my research on the list archives.
> Cheers and thanks,
> Russell Fulton, Computer and Network Security Officer
> The University of Auckland, New Zealand
> "It aint necessarily so" - Gershwin
More information about the unisog